[Acme] [Errata Verified] RFC8555 (5732)

RFC Errata System <rfc-editor@rfc-editor.org> Thu, 22 February 2024 15:52 UTC

To: rob@sectigo.com, rlb@ipv.sx, jsha@eff.org, cpu@letsencrypt.org, jdkasten@umich.edu
From: RFC Errata System <rfc-editor@rfc-editor.org>
Cc: paul.wouters@aiven.io, iesg@ietf.org, acme@ietf.org, iana@iana.org, rfc-editor@rfc-editor.org
Date: Thu, 22 Feb 2024 07:52:09 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/zt6zJ3BHACkt91_v1JZvpGXbSks>

The following errata report has been verified for RFC8555,
"Automatic Certificate Management Environment (ACME)". 

You may review the report below and at:

Status: Verified
Type: Technical

Reported by: Rob Stradling <rob@sectigo.com>
Date Reported: 2019-05-23
Verified by: Paul Wouters (IESG)

Section: 8

Original Text
A challenge object with an error MUST have status
equal to "invalid".

Corrected Text
A challenge object with an error MUST have status
equal to "processing" or "invalid".

Section 8.2 says that 'The server MUST add an entry to the "error" field in the challenge after each failed validation query'.  However, if the challenge must then become "invalid", it is never possible to retry any validation query (because "invalid" is a final state for a challenge object).
This erratum is necessary to permit validation query retries to ever happen.

RFC8555 (draft-ietf-acme-acme-18)
Title               : Automatic Certificate Management Environment (ACME)
Publication Date    : March 2019
Author(s)           : R. Barnes, J. Hoffman-Andrews, D. McCarney, J. Kasten
Category            : PROPOSED STANDARD
Source              : Automated Certificate Management Environment
Area                : Security
Stream              : IETF
Verifying Party     : IESG
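
The retry behaviour this erratum permits, as an added example that is not part of the original message or of RFC 8555: a minimal server-side challenge model in which a failed validation query records an error while the status stays "processing", alongside the Section 8 check in its original and corrected forms. The class and function names, the retry budget of 3, the choice to clear the error on success and the sample error detail are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

FINAL_STATES = {"valid", "invalid"}  # final challenge states in RFC 8555
MAX_ATTEMPTS = 3                     # assumed server retry budget


@dataclass
class Challenge:                     # hypothetical model of a challenge object
    status: str = "pending"
    error: Optional[dict] = None
    attempts: int = 0


def conforms(ch: Challenge, corrected: bool = True) -> bool:
    """Section 8 rule: which statuses may accompany an error."""
    if ch.error is None:
        return True
    allowed = {"processing", "invalid"} if corrected else {"invalid"}
    return ch.status in allowed


def record_query(ch: Challenge, ok: bool, detail: str = "") -> Challenge:
    """Server side: apply the result of one validation query."""
    if ch.status in FINAL_STATES:
        raise ValueError("final state: no further validation queries")
    ch.status, ch.attempts = "processing", ch.attempts + 1
    if ok:
        # Assumption: drop earlier errors so a valid challenge carries none.
        ch.status, ch.error = "valid", None
        return ch
    # Section 8.2: record an error after each failed validation query.
    ch.error = {"type": "urn:ietf:params:acme:error:connection",
                "detail": detail}
    if ch.attempts >= MAX_ATTEMPTS:
        ch.status = "invalid"        # retries exhausted
    return ch


def client_should_poll(ch: Challenge) -> bool:
    """Client side: an error alone is not terminal; only the status is."""
    return ch.status not in FINAL_STATES


if __name__ == "__main__":
    ch = Challenge()
    for result in (False, False, True):   # constructed query outcomes
        record_query(ch, result, "constructed: connection timed out")
        print(ch.status, ch.error, conforms(ch), conforms(ch, corrected=False))
```

Under the original wording the state after the first failed query (status "processing" with an error present) is non-conforming, which is why no retry could ever be represented.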